>>"How long before we see a generation of malware that actually makes use of this?"

I'm not quite sure how to parse your sentence but if you mean malware that exists solely in memory and propagates from there, it's already happened. Check out the recently uncovered attack on Kapersky by Israel whoever is behind Duqu and how they did it. How long before we see this done by none APT actors? Not sure.

Re: Just Use Linux

Actually, Microsoft do sell GNU/Linux. You can pay for GNU/Linux instances on Azure and MS also provide some tools of their own to manage configuration of them. What they don't do, is publish their own distro which is probably sensible given that RedHat and others provide good enterprise-focused distros themselves.

Re: Just Use Linux

>>"But the clever ones do it with Linux or through their phone. And remember the backend (the servers etc) of the online banking system will be running Linux too."

And maintained by professionals who know what they're doing. Here's something that is true - compromising a GNU/Linux system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks or link their server up to disreputable websites, is hard to do. Here is something else that is true - compromising a current Windows system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks or link their server up to disreputable websites, is hard to do

See the points of comparison? Now here is something else - compromising end user installations of Windows run by people who have no understanding of keeping software up to date, who connect it to disreputable sites, who download software from untrusted places and ignore bright yellow warnings and proceed to give it free reign to do what it wants to their OS, is much easier.

Notice the difference between these two scenarios is not the OS, but the environment it finds itself in.

Re: Surely...

>>"Surely it would be easier to just start again and write a robust OS from the ground up?"

Like how Mozilla decided to throw out the Netscape code and do a clean slate approach to a browser - with near disastrous consequences and leading directly to IE6 being the dominant browser for so long? Because an OS isn't already several orders of magnitude more complex than a browser.

If there's one thing that modern software development has learned, it's that you don't start from scratch without a very good reason. But let's ignore that you put "easy" and "write a robust OS from the ground up" in the same sentence. What is it you would do differently in a new OS that current Windows doesn't do (or vice versa) which would make your new OS inherently more secure? I would like a genuine answer to that as I am curious.

Re: So all it does...

"All it does", "only", "just", people throw these words around so casually. This is useful and not trivial. And as machines increasingly exist as VMs which means they can be run without restarting from their point of view even if the underlying physical hardware is turned on and off again with the memory restoring, malware living only in memory is increasingly viable. The fact that OSs can now be patched in real time without actually restarting makes this even more viable.

Existing malware acts as a gatekeeper, attempting to stop it gaining access in the first place. But as we've seen with some recent malware, that is not enough. So the next logical stage is combatting actual running malware in memory.

Tell you what, if you think this is so "all it does," why don't you go away and come back with your own API standard that is vendor agnostic, supports file, memory and stream scanning with the same API calls, has URL/IP reputation checks for all of these and even lets you correlate different sessions so that malware vendors can take actions based on multiple different memory fragments to deal with more dynamic malware.

But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial. As to how you twist having this capability to "sounds ilke a disaster" and open up "a whole new set of security vulnerabilities", I have no idea. You appear to be an idiot with no real understanding of what you're talking about.

Re: Eugh

I doubt covering your body in mud would work. But I know what would:

People refusing en masse to go to the festival unless the facial recognition and surveillance is removed. This would instantly end it at that festival. Not sure what the critical mass would need to be to achieve this. A third of people to a half would be my wild estimate. And it wont matter if the tickets are already sold or not, people walking away from it in large numbers would have this effect.

Rock / Alternative types fancy themselves misfits and rebels, do they not? They have a definite and real way they could stick it to the Man if they did this.

Or they can wander around knowing their every movement is being tracked and their faces scanned by cameras. Up to them.

Re: A bit late, Microsoft

>>"Tell us why we should spend time learning your system when we've already got solutions that have worked for over a decade."

Because:

(1) It's good to try new things.

(2) This is integrated with Azure which is a nice service so if you're using Azure, it makes sense to evaluate this.

(3) You have a funny definition of "worked for over a decade" given the endless headaches I see Sysadmins subject to routinely. Technology progresses and it's silly to take an attitude of refusing to look at new stuff because you're familiar with the old.

Re: They won't listen

Microsoft are one of the big players in providing GNU/Linux infrastructure as a service. GNU/Linux has been an option in Azure for a long time. What's with all this paranoid nonsense that they don't simply want to compete with rival cloud / IaaS providers?

>>"My boss at the time said she got a reference request for him a few weeks later, from a security firm to monitor CCTV for theft, etc. I would love to know exactly what she wrote, but I have a pretty shrewd idea what kind of lines it would have gone down, even if there was no way she could write a direct accusation in it."

Re: Head in the Cloud storage?

Actually, it sounds more like the desktop of someone I know the last time I got talked into helping them with their "computer stuff". There might have been a desktop wallpaper under there, I couldn't tell.

Re: This is why we can't have nice things!

>>"Some of us will be rational (those of us in the middle ground who feel there's too much BS on both sides) and then the Deniers and True Believers will do battle. Will that work?"

Um, I have been several times informed by proponents of AGW that those of us in the middle ARE deniers. I've been told in no uncertain terms that the time for debate is over and one is for us or against us. At least when I express doubts that's generally what I receive.

Re: Not just a service pack

>>"Minor updates to the UI don't mean there could be bigger updates to the OS itself. 8.1 was a much larger update than a service pack. You can call it as you like, but 8,1 was not a service pack"

I'm wiling to be persuaded but I'm not seeing any significant functional change:

http://en.wikipedia.org/wiki/Windows_8.1

They changed some bits of the UI, re-adding the Start button for example, and they changed some of the default apps (which isn't an OS change). The only thing I see significantly different is that they changed the way it connects to OneDrive and they added device encryption by default (which is just BitLocker which is already there). Obviously some of the code was optimized, but I don't see that means it's a new OS.

It's unhelpful to class them as separate in general terms because they are essentially the same and it confuses things like this where the rise in 8.1 is accompanied by a fall in 8 which is for most people not the distinction that is of interest. It's whether 8/8.1 is rising or falling that is the practical question, not shifts between the two.

Re: Not just a service pack

I'm not aware that there has ever been an authoritative definition of what constitutes a Windows service pack. If it consists of minor updates and there's nothing radically different about it, I call that a Service Pack.

Re: Perhaps people have realised...

What, precisely, did you find so difficult to accomplish on the laptop without touch? If I want to launch a program, I tap the Windows key and type the first couple of letters and return, it launches it faster that way that moving up and down a Start menu ever did. Even if you for some reason have an absolute aversion to using the keyboard, the Start Screen can easily hold around thirty tiles on even a laptop screen, grouped by function, so unless you're commonly using that many which I doubt, it's the same move to lower left (though again, I tap the Windows key) as you would with Windows 7 and then select the program you want. You don't even have to dig through sub-folders.

Re: "... his left curiously busy in his trouser pocket"

>>"everything he stated is just plain obvious"

Maybe so, but we're living under a government that appears unable to see the obvious, so it's worth stating.

I like John McAfee. People should not mistake eccentric for unaware - he's a very smart person. And occasionally people tar him with the label paranoid, until they actually read more and find some of what he's actually been through. Someone rich yet still willing to fuck with the status quo, that's a rare combination and it leads to some surprising circumstances on occasion. El Reg should have linked to the video where he distances himself from the software which he actually left behind long ago - thar's hilarious.

Re: An intelligent Intelligence boss?

By "not outwitted by a direct question", do you mean avoiding any meaningful answer of it? Where are the actual studies - or even study - that shows that the increasing surveillance isn't having an effect on people's willingness to do business here?

I have no knowledge of anybody being discouraged from doing business in the UK by our proposed or actual snooping. However, I do have knowledge of at least two significant deals that fell through with American companies because of lack of trust in the US government not snooping. It's not a small issue for US businesses at the moment. And the UK has been behaving similarly to the USA so I would not be surprised if there were a similar reaction.

I would want more than anecdotes from a few of this guys friends on this before I considered it actual data.

Re: Confused

This is kind of an odd article. I'm not sure if my understanding is at fault or the author's. I don't quite see the overlap / conflict between Docker and PaaS that the author seems to be talking about, but I may just not quite have got what they mean.

The point of PaaS to me is that I have someone else providing the services that I need and these people (Amazon, Azure et al.) are going to know a lot more about managing it all than I do. Or quite frankly even if they don't, I want to focus on my applications, not on administration of all these services.

That's why PaaS is my GoTo. IaaS is my fallback if PaaS can't do what I need because with IaaS I can do a lot more, but at a very marked increase in work outside my core business. As PaaS gets better and better, I see the need for IaaS reducing for my use cases (and many people's). I think there will be a big shift away from IaaS towards PaaS because if the latter gives you what you need and lets you focus on what you really care about, why wouldn't you?

But where Containerisation fits into the above conversation, I'm not quite sure. I think the author is saying that Containerisation obviates the need for PaaS to some extent? Or that people think it does and he's saying that actually people are wrong and it doesn't... But I'm not quite clear. Containerization is, I guess you could call it, a refinement / supplement / tool for IaaS and thus keeps parity between the two approaches, offsetting the complexity of IaaS to some extent? I'm not sure if that's the argument.

Re: How many of you Windows user will be...

>>"I stopped using Microsoft Office 15 years ago (yes, in 2000) switching to Open Office and later to LibreOffice. I never looked back [...] I realized how much I do not need this application when I bought recently a PC with a preinstalled Microsoft Office. I deleted it without switching it on, even once"

It's always amusing how the most critical posts of MS products feel the need to emphasize their points by explaining how they avoid being able to make informed comparisons. They're always this unaware combination of "I stopped using this over a decade ago..." and "I deleted it without trying it.." followed by how rubbish they know it is.

Re: A little too late...staying with Office 365

Are you sure you're not confusing it with Office Web Apps. You can use MS Office without an Internet connection, including mobile versions. Office 365 is actually a subscription model that can cover both downloadable versions and the web apps. It's not a specific piece of software itself. You obviously can't use the online versions of Office without a connection, but you can use the downloadable versions.

Re: @Hasham - I'll be assembling a new PC in 2016

I see ACs here have finally given up pretending that going into the BIOS and clicking Secure Boot to off is difficult and are now blaming Microsoft for the dark deeds they have yet to perform. Or even announce.

>>"If MS were to make the Trial option mandatory for paid apps, it might solve a great many problems."

It should certainly be encouraged. I have on several occasions avoided an app because it had no trial period. But mandatory would be problematic as there are some cases where it is simply not legally possible - for example the music notation software demo'ed at Build recently which contains third party copyrighted musical scores and so can only be sold, not licenced. (Resolvable probably, but an example). There are also apps that are specialized but rare use. Such apps could have their sales reduced by trial periods by most people only needing to get a few uses out of them and then not needing the app again for a year, or maybe never. I have used a piece of software like that on a few occasions and was able to do everything I needed with their trial version.

Not a bad idea in general, but I'm wary of the part about removing apps because they are more expensive than equivalents. Seems like it would favour new copy-cat apps over the original innovators and it might also favour larger vendors over small independents. Neither of which are a good thing. Vendors should be able to set their own prices.

It was exactly what I thought of when I read the story. I wouldn't have thought they'd be caught out like this twice. Apple are usually better than this, but there you go...

Incidentally, El Reg. seem to be giving up any pretence of knowing parody these days and just going for direct Daily Mail style gratuitous sexualisation. Unless I'm missing some subtle relevance to the giant image of a strapless model to this article. Off-topic, yes. But then so is the photo.

Re: "Money flows to whoever it is that has the rare thing."

>>"an inside regulator can cheat the system, and an outside regulator can poison it."

Well if you accept that anyone without a vested interest must be ignorant to the point that they cannot effectively regulate, maybe. But is that the case? First off, the reason you have regulators outside the market is generally the regulations are for guarding against externalities. People within the market are pretty capable of working out what is most efficient for their goals. You get the regulations to prevent those goals conflicting with the wider society - environmental pollution, anti-trust issues (where one market reaches over into another), defrauding investors, etc. And people outside of a market are often very capable of recognizing where that market is impacting them.

Re: Nobody knows anything

>>"Not really a surprise that Worstall gets the author of Lord of the Flies confused with the writer of The Princess Bride."

I don't know much about the VFX industry, but I do know that every time Worstall has blundered into an area that I do know about with one of his polemics, his analysis has been shallow, misguided and above all, setting out to prove his desired conclusion. So I can well believe your post. Honestly, there's always that difficult choice when I see a Worstall article as to whether to read it and reward him with clicks but have the opportunity to correct the worst of his excesses, or play the long game and hope not reading will eventually mean he goes away.

VFX studios keep going bust because they run below capacity, do they? That might harm some investors yet somehow doesn't seem to be harming the market as VFX continues to become ever cheaper and more commonplace. That is likely the greater reason - IT investments depreciate quickly and with the rate of progress in VFX by the time you are set up and ready, you have a very limited window because your next competitor springs up without the weight of investment in legacy technology holding them down. You spend ten million dollars on your hardware and software (and to some extent staff as skills also depreciate in a fast-moving sector), and six years later whilst you're still paying that off, someone else spends ten million dollars on hardware and software and new hires and they're better equipped than you are.

Normally start-up costs are significant barrier to entry. But when your investment depreciates with time, that offsets it to a surprising extent. A second factor is staff retention. In a growing market, staff have supreme mobility. And the VFX market is growing and healthy.

Re: Dan is the man!

"In the U.K. there will be a referendum on the E.U., but the people will be lead sleep walking in to the TPP/TTIP treaties"

Despite this treaty coming through the EU, we actually have a better chance of avoiding it by staying in where opposition to TTIP is growing daily, rather than leaving as all of our main parties and UKIP are actually in favour of signing it. (caveat, not sure where SNP stand) and would do so independently immediately on withdrawing from the EU.

Re: Stallman isn't my cup of tea

Stallman is a great man. He was instrumental in the success of Libre software. Without him, there might well not have popular GNU/Linux distros for example and the entire Open Source movement would be a decade behind where it is today at the very least, or more likely unrecognizable as what we have today.

And he ALWAYS backs up what he says. If MS give the NSA advance notice of vulnerabilities that is a bad thing and worthy of criticism. I don't care if he looks like Jesus. Hell, I don't care if he thinks he is Jesus! What I respect is someone who is intellectually honest, self-consistent and supports their beliefs with facts.

Re: Oh... how original...

>>"You beat me to it, a responsive Google Love Doll would be the ultimate product to rake in the bazillions. Just don't let MicroSoft screw it up. Please, keep it Open Source so it can be "dinked with" and modded."

You really want such a product to be made by the world's largest advertising and data gathering corporation?